SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses

Despite the security concerns many of us share regarding wireless technology, it is here to stay. In fact, not only is wireless here to stay, but it is growing in deployment and utilization with wireless LAN technology and WiFi as well as with other applications, including cordless telephones, smart homes, embedded devices, and more. Technologies like ZigBee and Z-Wave offer new methods of connectivity to devices, while other wireless technology, including WiFi, Bluetooth, Bluetooth Low Energy, and DECT continue their massive growth rate, each introducing their own set of security challenges and attacker opportunities.

To be a wireless security expert, you need to have a comprehensive understanding of the technology, the threats, the exploits, and the defense techniques along with hands-on experience in evaluating and attacking wireless technology. Not limiting your skill-set to WiFi, you'll need to evaluate the threat from other standards-based and proprietary wireless technologies as well. This course takes an in-depth look at the security challenges of many different wireless technologies, exposing you to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, you'll navigate your way through the techniques attackers use to exploit WiFi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS, and other systems, including developing attack techniques leveraging Windows 7 and Mac OS X. We'll also examine the commonly overlooked threats associated with Bluetooth, ZigBee, DECT, and proprietary wireless systems. As part of the course, you'll receive the SWAT Toolkit, which will be used in hands-on labs to back up the course content and reinforce wireless ethical hacking techniques.

Using assessment and analysis techniques, this course will show you how to identify the threats that expose wireless technology and build on this knowledge to implement defensive techniques that can be used to protect wireless systems.

Lab: Live Network Mapping, using gpsmap to map wireless networks in the area

IEEE 802.11 MAC: In-Depth

Common capabilities of the IEEE 802.11 MAC, understanding the architecture and operation of ad-hoc and infrastructure networks, phases of station authentication and association, understanding the operation and behavior of IEEE 802.1X authentication

Identifying capabilities and features of EAP types including PEAP, EAP/TLS, TTLS, EAP-FAST

Throughout the course, you will participate in numerous hands-on exercises using a Linux system based on Backtrack 5 that is provided at the beginning of class. You will need a laptop to run the Linux environment for lab exercises, using Windows or Mac OS X as the host environment.

You will use VMware to run the Linux environment used for lab exercises. You can download VMware Player for free from www.vmware.com, or you may use VMware Workstation or VMware Fusion.

Mandatory Laptop Hardware Requirements:

CPU: x86-compatible 1.5 GHz or higher is recommended

DVD Drive (not a CD drive)

2 GB of RAM minimum

Two free USB 2.0 interfaces

10 GB free disk space

Windows XP or later, native or guest

Paranoia is Good

During the lab exercises, you will be connecting to a hostile wireless network! Your laptop might be attacked. Do not have any sensitive data stored on the system. SANS is not responsible for your system if it is attacked.

By bringing the right equipment and preparing in advance, you can maximize what you'll see and learn as well as have a lot of fun.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

"SEC617 helps bridge the gap of knowledge between the specialized attackers and corporate administrators." - Robert Luettjohann, Overstock.com

"The labs were great and provided a good means to practice the material. An excellent course for all levels of professionals who are dealing with wireless in the organization." - John Fruge, B&W Technical Services

"This class will not only give you a basic understanding of wireless threats and vulnerabilities, but it can be as advanced as you want to make it with the questions that you ask." - Daniel Mayernik, Integrity Applications Incorporated

"The course offers an in-depth look at the how and why of wireless exploits. It gets you thinking again." - Todd Hick, BIMA

Author Statement

It's been amazing to watch the progression of wireless technology over the past several years. WiFi has grown in maturity and offers strong authentication and encryption options to protect networks, and many organizations have migrated to this technology. At the same time, attackers are becoming more sophisticated, and we've seen significant system breaches netting millions of payment cards that start with a wireless exploit. This pattern has me very concerned, as many organizations, even after deploying WPA2 and related technology, remain vulnerable to a number of attacks that expose their systems and internal networks.

With the tremendous success of WiFi, other wireless protocols have also emerged to satisfy the needs of longer-distance wireless systems (WiMAX), lightweight embedded device connectivity (ZigBee and IEEE 802.15.4), and specialty interference-resilient connectivity (Bluetooth and DECT). Today, it's not enough to be a WiFi expert; you also need to be able to evaluate the threat of other standards-based and proprietary wireless technologies as well.

In putting this class together, I wanted to help organizations recognize the multi-faceted wireless threat landscape and evaluate their exposure through ethical hacking techniques. Moreover, I wanted my students to learn critical security analysis skills so that, while we focus on evaluating wireless systems, the vulnerabilities and attacks we leverage to exploit these systems can be applied to future technologies as well. In this manner, the skills you build in this class remain valuable for today's wireless technology, tomorrow's technology advancements, and for other complex systems you have to evaluate in the future as well.

- Joshua Wright


"As a SysAdmin, I found this course invaluable. It not only gave me the skills I need to audit my own systems, but also gave me some insight on how to better work with external auditors." - Christoper O'Keefe, SANS Student